FFIEC News

Brabeion Software Announces Next-Generation IT Governance, Risk & Compliance Management Platform

(Oct 03, 2007)-- Brabeion Software announced the next generation of its groundbreaking IT GRC software platform, Brabeion IT Risk & Compliance Manager 3.0 (ITRCM). Brabeion was first to market with a complete IT GRC suite that helps organizations achieve and sustain compliance and optimally manage risks while lowering assessment costs. Brabeion's solutions have been successfully deployed in Global F1000 with dramatic returns on investment. With today's new 3.0 release, Brabeion furthers the IT GRC industry vision by enabling IT risk and compliance to be managed more strategically as a business risk.

New role-based dashboards elevate Brabeion into the industry's first single solution to deliver a unified view of risks across people, processes and technologies tied to regulations, standards and company policies -- eliminating the need to cobble together manual surveys and disparate tools. Brabeion also introduces the industry's first "compliance risk scoring" for assets that factors in the likelihood of IT control failures -- addressing a major gap in today's traditional risk equation that can result in misleading data. New document workflow and repository management features that reduce cycle time and redundancies round out this mature IT GRC offering.

"What's missing today in IT risk and compliance are ways to link risk factors with measures the business can understand and support. Without this critical support, risk and compliance programs die on the vine. Risk scoring based on business processes, information assets, and supporting technologies is therefore vital to making the risk and compliance puzzle work, and it's also essential to making intelligent decisions and mitigation strategies," commented Scott Crawford, research director for analyst firm Enterprise Management Associates. "Solutions that link compliance and risk in this way are building a foundation for more strategic IT GRC programs."

As enterprises struggle to gain control over compliance with numerous regulatory mandates and in the face of complex and continually changing IT environments, they are seeing their compliance focus evolve from the mitigation of negative security threats toward the philosophy that it is part of a comprehensive risk management program -- and are now focusing on getting their risk management programs in place. IT GRC is emerging as an important new market category to give this strategic view toward managing business that is needed in highly regulated environments. According to AMR, thirty percent of the $30 billion IT compliance spend is going to GRC platforms.

Industry analysts and experts agree that the key to this risk-based approach is adopting a disciplined system for defining, measuring and monitoring IT controls, both technical and non-technical. "We are entering into the age of controls enlightenment. Today, there is a major disconnect between policy, procedures and controls measurement, which ultimately creates more holes and more risk. Controls health is an essential element of the risk equation and without it you don't have a total IT GRC view," said Steve Schlarman, chief compliance strategist for Brabeion. "Brabeion aims to solve this disconnect. Everything we do stems from our belief that 'it all begins and ends with auditable policies measured against relevant controls.'"

Brabeion's suite consists of the Brabeion IT Risk and Compliance Manager (ITRCM) and the Brabeion IT Risk and Compliance Center (ITRCC). Brabeion ITRCM is a web-based risk and compliance program management solution that scales across a global, diverse environment. When combined with the Brabeion ITRCC knowledgebase, it is the only solution to automate policy, procedure, standards and controls lifecycle management; perform automated assessments with bi-directional traceability from policies to controls; and offer a deep knowledgebase of proven, audit-ready content (policies, standards and controls) developed with partners including PricewaterhouseCoopers and IT Governance Institute and mapped to frameworks and regulations.

To serve the needs of customers in specific markets, Brabeion provides out of the box content to support for over 30 frameworks and regulations including FFIEC, GLBA and SOX for financial services; FERC and NERC for power and energy; PCI requirements for retail; FISMA for the federal market; and HIPAA for the healthcare market.

Share or bookmarklet this web page at: